Skip to main content

ScanCode is a tool to scan code for license, copyright, package and their documented dependencies and other interesting facts.

Project description

ScanCode Toolkit is a set of code scanning tools that detect the origin (copyrights), license and vulnerabilities of code, packages and dependencies in a codebase. ScanCode Toolkit is an AboutCode project.

Why Use ScanCode Toolkit?

ScanCode Toolkit is the leading tool in scanning depth and accuracy, used by hundreds of software teams. You can use ScanCode Toolkit as a command line tool or as a library.

Getting Started

Instructions to get you up and running on your local machine are at Getting Started

The ScanCode Toolkit documentation also provides:

  • prerequisites for installing the software.

  • instructions guiding you to start scanning code.

  • a comprehensive guide to the command line options.

  • tutorials that provide hands-on guidance to ScanCode features.

  • how to expand ScanCode Licenses and Detection Rules with your own data.

  • how to generate Attribution from a ScanCode scan.

  • guidelines for contributing to code development.

Build and tests status

We run 30,000+ tests on each commit on multiple CIs to ensure a good platform compabitility with multiple versions of Windows, Linux and macOS.

Azure

RTD Build

GitHub actions Docs

GitHub actions Release

Azure tests status (Linux, macOS, Windows)

Documentation Status

Documentation Tests

Release tests

Benefits of ScanCode

  • ScanCode is heavily tested with an automated test suite of over 30,000 tests.

  • ScanCode is used by several projects and organizations such as the Eclipse Foundation, OpenEmbedded.org, the FSFE, the FSF, OSS Review Toolkit, ClearlyDefined.io, RedHat Fabric8 analytics, and many more.

  • You can also organize and run ScanCode server-side with the companion ScanCode.io web app to organize and store multiple scan projects including scripted scanning pipelines.

  • As a standalone command-line tool, ScanCode is easy to install, run, and embed in your CI/CD processing pipeline. It runs on Windows, macOS, and Linux.

  • ScanCode detects licenses, copyrights, package manifests, direct dependencies, and more both in source code and binary files and is considered as the best-in-class and reference tool in this domain, re-used as the core tools for software composition data collection by several open source tools.

  • ScanCode provides the most accurate license detection engine and does a full comparison (also known as diff or red line comparison) between a database of license texts and your code instead of relying only on approximate regex patterns or probabilistic search, edit distance or machine learning.

  • Written in Python, ScanCode is easy to extend with plugins to contribute new and improved scanners, data summarization, package manifest parsers, and new outputs.

  • You can save your scan results as JSON, YAML, HTML, CycloneDX or SPDX or even create your own format with Jinja templates.

  • ScanCode can process packages, build manifest and lockfile formats to collect Package URLs and extract metadata. See all available package parsers for the exhaustive list.

Support

If you have a specific problem, suggestion or bug, please submit a GitHub issue.

For quick questions or socializing, join the AboutCode community discussions on Slack.

Interested in commercial suppport? Contact the AboutCode team.

License

  • Apache-2.0 is the overall license.

  • CC-BY-4.0 applies to reference datasets.

  • There are multiple secondary permissive or copyleft licenses (LGPL, MIT, BSD, GPL 2/3, etc.) for third-party components and test suite code and data.

See the NOTICE file and the .ABOUT files that document the origin and license of the third-party code used in ScanCode for more details.

Acknowledgements, Funding, Support and Sponsoring

This project is funded, supported and sponsored by:

  • Generous support and contributions from users like you!

  • the European Commission NGI programme

  • the NLnet Foundation

  • the Swiss State Secretariat for Education, Research and Innovation (SERI)

  • Google, including the Google Summer of Code and the Google Seasons of Doc programmes

  • Mercedes-Benz Group

  • Microsoft and Microsoft Azure

  • AboutCode ASBL

  • nexB Inc.

Europa logo EC DG Connect logo

NGI logo NLnet foundation logo

AboutCode logo nexB logo

This project was funded through the NGI0 Discovery Fund, a fund established by NLnet with financial support from the European Commission’s Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 825322.

NGI Discovery logo https://nlnet.nl/project/vulnerabilitydatabase/

This project was funded through the NGI0 Entrust Fund, a fund established by NLnet with financial support from the European Commission’s Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101069594.

NGI Zero Entrust logo https://nlnet.nl/project/Back2source/

This project was funded through the NGI0 Core Fund, a fund established by NLnet with financial support from the European Commission’s Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101092990.

NGI Zero Core Logo https://nlnet.nl/project/Back2source-next/

This project was funded through the NGI0 Core Fund, a fund established by NLnet with financial support from the European Commission’s Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101092990.

NGI Zero Core Logo https://nlnet.nl/project/FastScan/

This project was funded through the NGI0 Commons Fund, a fund established by NLnet with financial support from the European Commission’s Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101135429. Additional funding is made available by the Swiss State Secretariat for Education, Research and Innovation (SERI).

NGI Zero Commons Logo Swiss logo https://nlnet.nl/project/MassiveFOSSscan/

This project was funded through the NGI0 Entrust Fund, a fund established by NLnet with financial support from the European Commission’s Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101069594.

NGI Zero Entrust logo https://nlnet.nl/project/purl2sym/

End of ScanCode Toolkit README

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

scancode_toolkit_mini-33.0.0rc1.tar.gz (7.3 MB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

scancode_toolkit_mini-33.0.0rc1-py3-none-any.whl (3.7 MB view details)

Uploaded Python 3

File details

Details for the file scancode_toolkit_mini-33.0.0rc1.tar.gz.

File metadata

File hashes

Hashes for scancode_toolkit_mini-33.0.0rc1.tar.gz
Algorithm Hash digest
SHA256 03b932eefa7b0aeca9ad0131937d54c9714663a651b378bf5b194000521ef39d
MD5 5007785ebc3663198450ce90fa7ac9ee
BLAKE2b-256 194c5b8137a24a03f425386e98c83ac4d0ad8dbc42b313c0f943a7d1d2d516c0

See more details on using hashes here.

Provenance

The following attestation bundles were made for scancode_toolkit_mini-33.0.0rc1.tar.gz:

Publisher: scancode-release.yml on aboutcode-org/scancode-toolkit

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file scancode_toolkit_mini-33.0.0rc1-py3-none-any.whl.

File metadata

File hashes

Hashes for scancode_toolkit_mini-33.0.0rc1-py3-none-any.whl
Algorithm Hash digest
SHA256 d16fe8777fecd9eb5054dbe9f71c718f8a208d865fd94b69aeb6913e988e61e9
MD5 e19f29b0aa20d219ba7db9bcf1e6456b
BLAKE2b-256 b9afde4473c3d14b5a2ab70ff7f55f9ff420e587a8a70027b1a4c6269d78dacd

See more details on using hashes here.

Provenance

The following attestation bundles were made for scancode_toolkit_mini-33.0.0rc1-py3-none-any.whl:

Publisher: scancode-release.yml on aboutcode-org/scancode-toolkit

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page